package com.example.myweb.Controller.Auth;

import com.example.myweb.Common.ApiResponse;
import com.example.myweb.Dto.AdminUserDetailDTO;
import com.example.myweb.Dto.UpdateContentStatusDTO;
import com.example.myweb.Service.Auth.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;


import javax.validation.Valid;

@RestController
@RequestMapping("/admin/users")
@PreAuthorize("hasRole('ADMIN')") // 确保只有管理员能访问
public class AdminUserController {

    @Autowired
    private UserService userService;

    /**
     * 后台获取用户列表（分页）
     * GET /admin/users
     */
    @GetMapping
    public ResponseEntity<ApiResponse<Page<AdminUserDetailDTO>>> getAllUsers(Pageable pageable) {
        Page<AdminUserDetailDTO> userPage = userService.getAllUsersForAdmin(pageable);
        return ResponseEntity.ok(ApiResponse.success(userPage, "后台用户列表获取成功"));
    }

    /**
     * 后台更新用户状态（如禁言、封号）
     * PUT /admin/users/{id}/status
     */
    @PutMapping("/{id}/status")
    public ResponseEntity<ApiResponse<Void>> updateUserStatus(
            @PathVariable Long id,
            @Valid @RequestBody UpdateContentStatusDTO request) { // 复用DTO
        userService.updateUserStatusByAdmin(id, request.getStatus());
        return ResponseEntity.ok(ApiResponse.success("用户状态更新成功"));
    }
}